Abstract

This document specifies a negotiation mechanism for the Generic
Security Service Application Program Interface (GSS-API), which is
described in RFC 2743. GSS-API peers can use this negotiation
mechanism to choose from a common set of security mechanisms. If per-message integrity services are available on the established
mechanism context, then the negotiation is protected against an
attacker that forces the selection of a mechanism not desired by the
peers.
This mechanism replaces RFC 2478 in order to fix defects in that
specification and to describe how to inter-operate with
implementations of that specification that are commonly deployed on the
Internet. [STANDARDS-TRACK]